We can be pretty confident by saying that usage of cloud services in Banking sector (or financial sector) is very rudimentary. Partly because it’s a sector with a long traditions and certain culture, but also because of the regulations. Central banks and regulators are still quite passive about drafting their opinions and risk analyses on cloud banking.
But, last couple of years have brought several developments in this field that allow us to presume that coming years will bring some bigger changes.
In 2012, De Nederlandsche Bank (DNB, the central bank of the Netherlands), announced that Microsoft will include the “right to examine” for DNB in its office 365 agreements with Dutch financial institutions (http://www.toezicht.dnb.nl/en/7/51-226970.jsp). For the financial institutions in The Netherlands this meant that the possibility has been created to meet legal requirements when procuring Office 365 from Microsoft. Second quarter of 2013 added Microsoft Azure and Microsoft Dynamics also to the list. Therefore all Microsoft cloud services comply with one of the specific legal requirements of the Dutch Bank.
July, 2013 brought another news — the DNB confirmed that adequate supervision of compliance is not hindered in relation to Dutch Financial institutions using Amazon Web Services (AWS) (http://www.toezicht.dnb.nl/en/7/51-228433.jsp). The DNB’s announcement meant that Dutch banks and other financial institutions have been given the “all-clear” to use AWS for a range of services including websites, mobile applications, retail banking platforms, high performance computing and credit risk analysis solutions. Of course, in addition to the right to examine there are other legal aspects that the financial institution has to meet before they can start using cloud services, like the exit clause in the contract and the completion of a risk analysis.
The Dutch nod comes after Amazon pursued and gained the “FedRAMP” security certification in the US, which shortens the process for US federal agencies seeking to base themselves in its cloud. Also figuring into the decision was Amazon opening its “GovCloud” dedicated data center for institutions that require International Traffic in Arms Regulation (ITAR) compliance by their IT operator.
Dutch company Ohpen was first to welcome this decision, because When Chris Zadeh started developing the Ohpen financial services platform in 2008, he opened an account with AWS and said the company would never buy a computer for its platform. The bulk of the original Ohpen team is from BinckBank, an independent Dutch online broker. Ohpen writes its software in Microsoft.Net and uses MySQL as a database, all on AWS, of course and supplied on a SaaS (Software as a Service) basis.
Their first clients are for example Robeco Direct N.V. (https://www.robeco.nl/), a Dutch bank offering saving products, investment funds, mortgages and other services (manages over €8 billion in assets), and Robein (https://www.robein.nl/), a Dutch insurance company which is using the Ohpen Platform as a master, giving it access to all modules such as the savings accounts, investments accounts, CRM, CMS, Payment, workflow manager and anti-money laundering (AML). With Ohpen, Robein introduced online investment and pension programs. It reduced its total costs by 80 percent and has added 2,000 new customers and 100 million euros in assets under management. By the way, Robeco was the first bank in a cloud in the world.
Ohpen has recently signed an international client to roll out the platform across 10 countries, and it has another bank operating with its platform.
Other organizations around the world already taking advantage of the AWS are for example Bankinter in Spain, Unicredit in Italy and the Commonwealth Bank of Australia (CBA). Bankinter, uses the Amazon cloud to run credit risk simulations in 20 minutes, down from 23 hours before. Since moving their customer website from an internal legacy system onto the AWS public cloud, National Australia Bank (NAB) has saved significantly on technical operating costs and reduced incoming Internet traffic into NAB’s data centres by 90 per cent.
Computing and IT services giant Hewlett-Packard said in February 2015 that it has won a 10-year “multibillion dollar” deal to run computing systems for Deutsche Bank. Under terms of the agreement, HP will build a custom version of its Helion cloud computing service for Deutsche Bank, which will provide computing capacity, storage and a development platform for its wholesale banking business. The deal includes a dedicated data center.
There are also examples of smaller banks moving to cloud based solutions — IDEA Bank from Poland created its own IDEA Cloud (https://www.ideabank.pl/ideacloud), what has already won several awards (Disruptive Innovation in Banking — BAI-Financial Global Banking Awards in 2014 and was Financial World Innovation Awards finalist). Case study — https://www.eurobest.com/winners/2014/innovation/entry.cfm?entryid=1124&award=101&order=0&direction=1
What the future will bring?
On one hand ENISA (European Union Agency for Network and Information Security) and EBA (European Banking Authority) are trying to raise awareness on cloud banking (https://www.enisa.europa.eu/media/news-items/joint-enisa-eba-workshop) among central banks, financial institutions and regulators (https://www.enisa.europa.eu/media/press-releases/why-cloud-adoption-in-the-finance-sector-is-still-lagging) and (https://www.enisa.europa.eu/activities/Resilience-and-CIIP/cloud-computing/cloud-in-finance).
On the other hand, the new EU General Data Protection Regulation (GDPR) includes greater liability for cloud providers rather than just the companies who are their clients. If a bank’s security is compromised for example, in the future not only will the bank be liable, but so potentially will its cloud provider. Companies such as Germany’s SAP, IBM, Cisco Systems and Amazon all oppose the new provisions, claiming it will kill the cloud computing industry in Europe. Such companies also warn that the new rules could hamper the creation of a unified market for digital services — also a core plank of the European Commission’s agenda to boost economic growth.